#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

The Hacker News | Expert Insights

Breach Transparency Remains Cybersecurity's Toughest Governance Problem

Breach Transparency Remains Cybersecurity's Toughest Governance Problem

Jul 06, 2026
Cybersecurity is entering a new phase. It's one where the gap between awareness and operational execution is becoming the industry's biggest challenge. That's what stood out to me most after reviewing the results of the 2026 Bitdefender Cybersecurity Assessment , which found that organizations have never had greater insight into the risks they face, yet turning that understanding into meaningful action remains a persistent challenge. Nowhere is that gap more visible, in my view, than in how organizations handle breach transparency. We surveyed 1,200 IT and cybersecurity professionals across six countries: France, Germany, Italy, Singapore, the United Kingdom, and the United States. Respondents ranged from frontline employees to IT managers to CISOs, all working within organizations with 500 or more employees. A Governance Problem, Not an Attacker Problem One of the most troubling findings in our report is not about attacker behavior. It's about internal respons...
AI-Speed Attacks Are Forcing a Rethink of Incident Response

AI-Speed Attacks Are Forcing a Rethink of Incident Response

Jul 06, 2026 Cyber Risk / AI Security
The most important cybersecurity impact of artificial intelligence is not that attackers can write better phishing emails or automate parts of their workflow. It is that AI is changing the speed, scale, and decision-making dynamics of cyberattacks.  That creates a problem many organizations have not yet fully confronted: most cyber governance and incident response models were designed for human-speed attacks.  For years, security teams operated under a familiar sequence. Detect suspicious activity. Investigate. Validate the threat. Escalate to leadership. Decide on containment. Communicate with stakeholders. That model still has value, but it assumes defenders have enough time to build confidence before taking material action.  AI-enabled attacks challenge that assumption.  Adversaries can now use AI to accelerate reconnaissance, generate highly personalized social engineering, modify malware, test payloads, summarize stolen data, identify vulnerabilities, a...
Beyond Blocking: Disrupting the Social Engineering Attack Chain

Beyond Blocking: Disrupting the Social Engineering Attack Chain

Jun 22, 2026
For years, our industry has treated “blocking” as the gold standard. If the email didn’t land, if the malware didn’t execute, if the alert fired in the SIEM, we called it a win. That mindset made sense in a world where most attacks came through a handful of familiar doors. But AI has changed the game. We’re not dealing with hobbyists sending out clumsy phishing attacks anymore. Modern adversaries are running multi‑channel, AI‑assisted businesses at machine speed. And if all you’re doing is blocking at the edge, you’re not really defending. You’re just delaying. Generative AI has made it trivial to spin up highly personalized, multi‑step social engineering campaigns that operate simultaneously across email, collaboration apps, mobile, social media, and paid media. The result is a social engineering attack chain : a sequence of stages designed to manufacture trust, erode judgment, and bypass brittle controls. You don’t beat that by tuning another filter. You have to disrupt the at...
Identity Security in 2026: The Brutal Truth Enterprises Still Avoid

Identity Security in 2026: The Brutal Truth Enterprises Still Avoid

Jun 22, 2026
Modern attacks are not primarily defeating infrastructure. They are inheriting trust. Identity Did Not Become Important. It Became Infrastructure. Security teams still talk about identity as though it is one security discipline among many, sitting beside endpoint protection, cloud security, network defense, and vulnerability management. That framing no longer reflects how modern enterprises actually operate. Modern business environments run on identity, delegated trust, cloud roles, automation pipelines, APIs, machine permissions, and continuously exchanged credentials. Users authenticate into SaaS platforms that the organization does not own. Workloads assume permissions that nobody provisions manually. Services trust other services built across years of acquisitions, migrations, technical debt, and operational compromise. The enterprise is no longer running on infrastructure alone. It is running on identity. Attackers recognized this shift before many defenders did. That i...
Building a Security Strategy for AI-Powered Ransomware Attacks

Building a Security Strategy for AI-Powered Ransomware Attacks

Jun 22, 2026
Launching a ransomware attack used to take real effort. Now, thanks to AI, almost anyone can launch a sophisticated attack, which changes the game for everyone responsible for protecting businesses. Reconnaissance that once took hours now takes minutes. Phishing emails that used to require careful crafting can now be generated at scale and sent to hundreds of targets simultaneously. IBM's 2025 Cost of a Data Breach Report found that AI reduced the time required to create phishing emails from 16 hours to just 5 minutes. For MSPs managing dozens or hundreds of clients, and for internal IT teams holding the line across an entire organization, understanding how AI is changing ransomware is key to staying ahead of the threat and minimizing disruption when attacks occur. The attack that starts in the inbox Before attackers can encrypt files or demand a ransom, they first need a way into the organization. One of the easiest ways to get that access is by tricking someone into cli...
Why Active Directory Vulnerabilities Demand More Than a Patch

Why Active Directory Vulnerabilities Demand More Than a Patch

Jun 15, 2026
The disclosure of CVE-2026-25177, a high-severity privilege escalation flaw in Microsoft Active Directory Domain Services, is a timely reminder that identity infrastructure remains one of the most consequential attack surfaces in the modern enterprise. Rated HIGH with a CVSS score of 8.8, this vulnerability allows an authenticated domain user to escalate privileges and move laterally across the network without elevated starting permissions or any user interaction. The mechanics are instructive. If a compromised account holds native Active Directory (AD) permission to modify Service Principal Names (SPNs), an attacker can create a duplicate SPN for a targeted service. When clients request Kerberos authentication, the domain controller may issue a ticket encrypted with the wrong key, causing a denial of service or forcing a fallback to the weaker NTLM protocol. No access to the targeted server is required beyond that initial SPN-write permission. In an environment where Active Directo...
Why Runtime Scanning Is Too Late for Your CI/CD Supply Chain Security

Why Runtime Scanning Is Too Late for Your CI/CD Supply Chain Security

Jun 15, 2026
The structural flaw in detection-only security postures runs deeper than tooling choices. Every hour a security team spends triaging runtime alerts is an hour not spent governing what entered the pipeline in the first place. And in modern CI/CD environments, that means the handful of alerts that represent genuine software supply chain compromise arrive only after the malicious dependency has already executed its payload, exfiltrated credentials, or established persistence inside the environment. The industry built an entire market category on that backwards logic, and enterprises are now paying for it in breach costs, developer burnout, and regulatory exposure that carries personal liability for the security leaders whose names appear on the program. The shift that actually reduces risk is not better monitoring at the end of the pipeline; it is governing the point of ingestion before code ever enters your lifecycle, which is a fundamentally different problem requiring a fundamental...
Cybersecurity Resources